Confirmation of Payee (Gateway)
UK-compliant confirmation of payee (COP), delivered through a single, easy-to-integrate API.
Confirmation of Payee (COP) is an account name-checking service designed to help reduce misdirected payments and provide greater assurance that payments are being sent, and collected from, the intended account holder for UK domestic payments.
This API is organised around REST. The API has predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs. Make all API requests over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
API Metadata
- OpenAPI version: 3.0.4
- API version: 1.0.0
External Documentation
Servers
| URL | Description |
|---|---|
https://test-apigw.apicunia.com | Test/Sandbox |
https://apigw.apicunia.com | Production |
Authentication
Authentication for this API is via OAuth 2.0.
Requesting client must provide a valid bearer/access token in the Authorization header for all API requests.
The API uses the Client Credentials Grant flow.
Token Endpoint
GET https://login.microsoftonline.com/{YOUR_TENANT_ID}/oauth2/v2.0/token
Request Example
curl --location --request GET 'https://login.microsoftonline.com/{YOUR_TENANT_ID}/oauth2/v2.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id={YOUR_CLIENT_ID}' \
--data-urlencode 'client_secret={YOUR_CLIENT_SECRET}' \
--data-urlencode 'scope={YOUR_SCOPE_ID}/.default'
For additional information on this method of API authentication see OAuth 2.0.
Confirmation of Payee
/copgateway/v1.0/confirmation-payee/name-verification
Summary
Confirmation of Payee detail endpoint.
Returns a Regulated UK COP Response indicating whether the supplied Payee details are a match or otherwise.
As Requestor:
The endpoint validates and routes an incoming COP request to the applicable responding PSP and relays the COP response back to the calling application.
Request
Request Headers
| Name | Type | Format | Required | Description |
|---|---|---|---|---|
x-fapi-interaction-id | string | uuid | Yes | An RFC4122 UUID used as a correlation id by the Requesting PSP |
X-Request-Timestamp | string | date-time | Yes | Timestamp of the COP Request in ISO 8601 UTC format (YYYY-MM-DDThh:mm:ss.sssZ) |
Request Body
Content Type: application/json
Schema: NameVerificationRequest
{
"data": {
"schemeName": "mandatory string (identifies the COP scheme, always 'SortCodeAccountNumber')",
"accountType": "mandatory string (Indicates either 'Personal' or 'Business' account type)",
"identification": "mandatory string (6-digit Sort Code and 8-digit Account Number, ^[0-9]{14}$)",
"name": "mandatory string (Name as input by the payment initiator, Max 140 Text)",
"secondaryIdentification": "optional string (Secondary reference data input by the payment initiator, Max 140 Text)"
}
}
Personal Account Type Examples (Sandbox data)
- Personal 1
- Personal 2
- Personal 3
- Personal 4
- Personal 5
- Personal 6
{
"data": {
"schemeName": "SortCodeAccountNumber",
"accountType": "Personal",
"identification": "60000190000001",
"name": "John Smith"
}
}
{
"data": {
"schemeName": "SortCodeAccountNumber",
"accountType": "Personal",
"identification": "20454590000002",
"name": "Robert Jones"
}
}
{
"data": {
"schemeName": "SortCodeAccountNumber",
"accountType": "Personal",
"identification": "16522190000003",
"name": "Stephen Brown"
}
}
{
"data": {
"schemeName": "SortCodeAccountNumber",
"accountType": "Personal",
"identification": "30000290000004",
"name": "Sarah Thomas"
}
}
{
"data": {
"schemeName": "SortCodeAccountNumber",
"accountType": "Personal",
"identification": "11000190000005",
"name": "Susan White"
}
}
{
"data": {
"schemeName": "SortCodeAccountNumber",
"accountType": "Personal",
"identification": "60000190000001",
"name": "John Smith",
"secondaryIdentification": "Test"
}
}
Business Account Type Examples (Sandbox data)
- Business 1
- Business 2
- Business 3
- Business 4
- Business 5
- Business 6
{
"data": {
"schemeName": "SortCodeAccountNumber",
"accountType": "Business",
"identification": "40051580000001",
"name": "Oak Accounting"
}
}
{
"data": {
"schemeName": "SortCodeAccountNumber",
"accountType": "Business",
"identification": "77010180000002",
"name": "Beacon Estates"
}
}
{
"data": {
"schemeName": "SortCodeAccountNumber",
"accountType": "Business",
"identification": "82200080000003",
"name": "Simon Cycles Ltd"
}
}
{
"data": {
"schemeName": "SortCodeAccountNumber",
"accountType": "Business",
"identification": "07011680000004",
"name": "Fienix Solutions"
}
}
{
"data": {
"schemeName": "SortCodeAccountNumber",
"accountType": "Business",
"identification": "80226080000005",
"name": "Northbridge Consulting"
}
}
{
"data": {
"schemeName": "SortCodeAccountNumber",
"accountType": "Business",
"identification": "40051580000001",
"name": "Oak Accounting",
"secondaryIdentification": "Test"
}
}
Response
Response Headers
| Name | Type | Format | Required | Description |
|---|---|---|---|---|
x-fapi-interaction-id | string | uuid | Yes | An RFC4122 UUID used as a correlation id by the Requesting PSP |
X-Response-Timestamp | string | date-time | Yes | Timestamp of the COP Response in ISO 8601 UTC format |
Response Body
Content type: application/json
Schema: NameVerificationResponse
{
"data": {
"verificationReport": {
"matched": "boolean (returns true for a full name match and false for all other outcomes)",
"reasonCode": "string (see Reason Codes table below for details of applicable codes)",
"name": "string (Returns the actual account name, only in the event of a close match)"
}
}
}
200 OK Response
Regulated UK COP Reason codes (HTTP Status Code 200) A code is returned when the verification did not result in a full match outcome.
| Code | Meaning | Note |
|---|---|---|
ANNM | Account Name does not match | This is a No Match outcome |
AC01 | Unknown Account Number, Account does not exist in the CoP Responder | Name Verification was not possible |
MBAM | There may be a match on the Account Name (Close Match outcome) | Account Name is passed back. |
OPTO | Opted out of the CoP Scheme | |
ACNS | Account type Not supported by the CoP Responder | |
IVCR | Invalid Customer reference, relates to the Secondary Identification field in the request | |
BANM | This is a match with a Business account, personal account was requested | |
PANM | This is a match with a Personal account, business account was requested | |
BAMM | This is close match with Business Account, personal account was requested | Account Name is passed back. |
PAMM | This is close match with Personal Account, business account was requested | Account Name is passed back. |
CASS | Account has been switched using the Current Account Switch Service | |
SCNS | Sort code not supported by the CoP Responder |
NOTE: There are some legitimate reasons for a AC01 but the specific reason is not explicitly disclosed by the CoP responder. The account details supplied may well be valid at the CoP responding PSP/RVM but;
- Not eligible for COP (none accepting payment account)
- Account is confidential/protected and reason cannot legally be disclosed
- Issue with Name data at the PSP so cannot perform a COP
Response Examples (200 OK Status Code)
- Match
- ANNM: No Match
- MBAM: Close Match
- AC01: Not Possible
{
"data": {
"verificationReport": {
"matched": true
}
}
}
{
"data": {
"verificationReport": {
"matched": false,
"reasonCode": "ANNM"
}
}
}
{
"data": {
"verificationReport": {
"matched": false,
"reasonCode": "MBAM",
"name": "John Smith"
}
}
}
{
"data": {
"verificationReport": {
"matched": false,
"reasonCode": "AC01"
}
}
}
Account Type Cross-Over Response Examples (200 OK Status Code)
These are examples where positive name matching occurred against a different account type to what was requested.
- BANM: Business Match
- PANM: Personal Match
- BAMM: Business Close Match
- PAMM: Personal Close Match
{
"data": {
"verificationReport": {
"matched": false,
"reasonCode": "BANM"
}
}
}
{
"data": {
"verificationReport": {
"matched": false,
"reasonCode": "PANM"
}
}
}
{
"data": {
"verificationReport": {
"matched": false,
"reasonCode": "BAMM",
"name": "Oak Accounting"
}
}
}
{
"data": {
"verificationReport": {
"matched": false,
"reasonCode": "PAMM",
"name": "John Smith"
}
}
}
400 Status Code
Bad/Malformed COP Request. The request body is malformed. See Problem Details for additional information about API errors.
Bad Request Examples (400 Status Code)
- FORMAT_ERROR 1
- FORMAT_ERROR 2
- FORMAT_ERROR 3
- TIMESTAMP_INVALID
{
"type": "https://example.com/probs/FORMAT_ERROR",
"code": "FORMAT_ERROR",
"title": "Validation of COP Request failed. See Detail",
"status": 400,
"detail": "Invalid Sort Code and Account format.",
"instance": "/copgateway/v1.0/confirmation-payee/name-verification"
}
{
"type": "https://example.com/probs/FORMAT_ERROR",
"code": "FORMAT_ERROR",
"title": "Validation of COP Request failed. See Detail",
"status": 400,
"detail": "Invalid Scheme Name - must be 'SortCodeAccountNumber'",
"instance": "/copgateway/v1.0/confirmation-payee/name-verification"
}
{
"type": "https://example.com/probs/FORMAT_ERROR",
"code": "FORMAT_ERROR",
"title": "Validation of COP Request failed. See Detail",
"status": 400,
"detail": "Invalid Account Type - must be one of 'Personal' or 'Business'",
"instance": "/copgateway/v1.0/confirmation-payee/name-verification"
}
{
"type": "https://example.com/probs/TIMESTAMP_INVALID",
"code": "TIMESTAMP_INVALID",
"title": "Invalid timestamp format: X-Request-Timestamp",
"status": 400,
"detail": "Invalid timestamp format: X-Request-Timestamp",
"instance": "/copgateway/v1.0/confirmation-payee/name-verification"
}
401 Status Code
Invalid Request. The Requestor is not authorised to perform the request. See Problem Details for additional information about API errors.
Unauthorised Examples (401 Status Code)
- CLIENT_INVALID 1
- CLIENT_INVALID 2
{
"type": "https://example.com/probs/CLIENT_INVALID",
"code": "CLIENT_INVALID",
"title": "Validating the client failed. See Detail",
"status": 401,
"detail": "Invalid Client, no permission to access resource.",
"instance": "/copgateway/v1.0/confirmation-payee/name-verification"
}
{
"type": "https://example.com/probs/CLIENT_INVALID",
"code": "CLIENT_INVALID",
"title": "Unknown Requestor/Responder. See Detail",
"status": 401,
"detail": "One or both of the Responding/Requesting party is not recognised or not currently adherent to the COP Scheme.",
"instance": "/copgateway/v1.0/confirmation-payee/name-verification"
}
500 Status Code
Internal Server Error. This code is used whenever a technical problem occurred in the application code or application server that prevented the execution of the request. See Problem Details for additional information about API errors.
Internal Server Error Examples (500 Status Code)
- SERVER_ERROR
{
"type": "https://example.com/probs/SERVER_ERROR",
"code": "SERVER_ERROR",
"title": "Encountered an unexpected error/condition",
"status": 500,
"detail": "Encountered an unexpected error/condition.",
"instance": "/copgateway/v1.0/confirmation-payee/name-verification"
}
502 Status Code
Bad Gateway Error. This code is used whenever a technical problem occurred and the server acted as a gateway or proxy and received an invalid response from an upstream server. See Problem Details for additional information about API errors.
Bad Gateway Examples (502 Status Code)
- SSL_ERROR
{
"type": "https://example.com/probs/SSL_ERROR",
"code": "SSL_ERROR",
"title": "SSL/TLS handshake failed",
"status": 502,
"detail": "SSL/TLS handshake failed.",
"instance": "/copgateway/v1.0/confirmation-payee/name-verification"
}